Does log4r also possess security vulnerabilities like log4j. And does log4j security vulnerabilities also affect log4r
CodePudding user response:
This has been addressed by the creator of log4r
(Aaron Jacobs) on the log4r
Github page, here:
We are in no way affected by that CVE, nor is there an analogous design flaw in this package.
So, the authors do not think so.
CodePudding user response:
A nice place to check for security vulnerabilities in R packages is Sonatype OSS Index.
They don't find any known vulnerabilities in the current version of log4r
on CRAN: https://ossindex.sonatype.org/component/pkg:cran/log4r